In the Loofah gem up to and including 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian debian linux 9.0 |
||
loofah project loofah |